Scam of the day – March 14, 2014 – New Citibank email scam

Today’s Scam of the day comes from my own email.  Citibank is a popular bank with more than 200 million customers throughout the world, therefore identity thieves can feel pretty confident that when they send out an email blast that many of the people receiving the email will, in fact, be Citibank customers.  This particular scam email follows a familiar pattern.   It presents what would be a reasonable reason for responding by clicking on the link; in this case it is to add security features to your account to help prevent the very types of identity theft that this scam is actually attempting to perpetrate.  It looks pretty official and the message doesn’t even have grammatical or spelling errors.  However it is a total scam.  If you click on the link in these types of scams one of two things will happen.  Either you will be sent to a phony but official looking website where you will be prompted to provide personal information that will end up being used to make you a victim of identity theft or merely by clicking on the link, you will download keystroke logging malware programs that will steal the information from your computer or other device and use that information to make you a victim of identity theft.  This identity theft tactic is called phishing.

Here is the email that I received.  DO NOT CLICK ON THE LINK.

“Dear Esteemed Customer,
We have added extra security to your Citi account to prevent identity   theft on your account.To secure your Citi account, click the link below:
Note: You need to login using your email address and password to access   before you can access the secured Citi network.
Best regards,   Citi Customer Service”


Regardless of how official an email or a text message may appear, you should never click on any links or download any attachments unless you are absolutely sure that it is legitimate.  In the case of this particular email, it was sent from an address that was not an email address of Citibank which was a sure indication that it was a scam.  Rather, it was sent from a computer address hacked into a botnet of compromised computers so that the identity thieves can send out phony emails that are difficult to trace back to the criminals.  However, even an email originating from a legitimate looking email address, can be merely a phony email.  In this particular case, if you have any thought that it might be legitimate, you should call or email Citibank at a telephone number or email address that you know is legitimate to confirm that it is a scam.  Also, make sure that you keep your anti-malware and anti-virus software up to date on all of your electronic devices.


Scam of the day – January 7, 2013 – Most dangerous websites

Phishing is the name of the scam whereby you are lured to a phony website that appears to be legitimate, however when you click on links in these phony websites, download material from these websites or provide information to these websites, you put yourself in danger of identity theft or of downloading dangerous keystroke logging malware that can steal all of the information on your computer including credit card numbers, your Social Security number, passwords and various account information.  In addition, you may unwittingly have your computer taken over as a part of a botnet (for more information about botnets, check out other postings on or in “50 Ways to Protect Your Identity in a Digital Age”) whereby your computer is made part of the botnet circulating scams around the world.


Recently Trend Micro issued a list of the most common websites that were the subjects of phony phishing websites during the past month.  The top ten websites of which you should be particularly wary of to make sure that you are dealing with the legitimate company are:  PayPal, Wells Fargo, Visa, Citibank, Bank of America, Aol, Yahoo, Hotmail, Gmail and Mastercard.  Things to look out for to avoid phishing websites are when you are directed to a website through an email that does not refer to you by name or if the email contains spelling errors or poor grammar that may indicate the email is coming from a foreign scammer (or a poorly educated American scammer).  A good rule to follow is to not click on links in emails or text messages to go to a website.  If you consider the email or message worth following up on, go to the website of the legitimate company by typing the URL that you know is correct into your browser.